XPost: uk.d-i-y   
   From: joe@jretrading.com   
      
   On Wed, 2 Apr 2025 21:02:02 +0100   
   John R Walliker  wrote:   
      
   > On 02/04/2025 07:41, Lawrence D'Oliveiro wrote:   
      
   > >   
   > > Exhibit A: OpenSSL   
   > > .   
   > >   
   >   
   > This example is 11 years old!   
   >   
   >   
      
   And it will never be forgotten. It is a perfect textbook example of how   
   not to create extremely important and sensitive production software, to   
   be used by half the world. It will be taught in computer science   
   classes forever.   
      
   The bug was a schoolboy buffer addressing error. The code involved a   
   new function in OpenSSL, one which had previously been considered   
   unnecessary. It was coded by a student, and it was audited by *one*   
   other person, who had a close personal connection with the writer,   
   before inclusion in the Linux kernel.   
      
   In other words, everything that could be done incorrectly in terms of   
   accepted software engineering practices was done. The error was always   
   claimed to be accidental, but certainly, the intelligence services of   
   the world, and many criminals, benefited from it.   
      
   --   
   Joe   
      
   --- SoupGate-DOS v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)